Incidentally Dan note that my original question was not about hosting asterisk and not about the NAT of IPs, it was about phones and rewriting the SIP header, which causes issues with our hosted platform.  As far as I understand from the docs, Static port is just releated to keeping the ports the same during NAT, which I made clear at the top was not an issue (as far as I can tell) - NAT has never been an issue for us and basic PAT (which is what cable/DSL modems do by default) changing source ports etc works absolutely fine.

I believe I understand NAT and PAT quite well on a general basis as I am CCNP and my day job is firewall based (but Cisco, Checkpoint etc and I can't get them to move to pfsense, though I try!) and I don't believe it to be a problem (unlike most SIP problems it seems!)

Awww….  Thanks!

Okey after testing my website for nearly 50 different locations the result was some servers was not able to connect to my webserver but after unchecking Block bogon networks.
It works all servers can now connect to my website again but the quastion is how unsafe is this and how come so many servers is being blocked when having this Block bogon networks checked.
Is there a list for this and is it outdated ?

Im using the latest PfSense 2.0 RC

Have a wonderfull day

Here's the two promised files:

Remove .txt extensions from the two files (forum restriction). Use any tool or the diagnostics menu to edit files Replace /etc/inc/openvpn.inc with supplied openvpn.inc Replace /usr/local/www/vpn_openvpn_server.php with vpn_openvpn_server.php

You can then select the TAP adapter for the server and leave the "Tunnel Network" field empty.

Note that this config file doesn't write the server-bridge directive, but rather "mode server" to the config file, since I didn't want the OVPN server to act as a DHCP server for the clients due to the fact that I was bridging the tap interface with a LAN interface.

Let me know if this works for you. Also, if you update to a new snapshot, you'll have to replace the two files again.

@Admins: How to commit the to the repository?

vpn_openvpn_server.php.txt
openvpn.inc.txt

IE6?

I have been looking everywhere for this documentation, thank you very much!

I really wish the documentation regarding this aspect of pfSense wasn't so sparse as all I could find were bits of info alluding to the fact that it was POSSIBLE to use the AD group memberships to authorize WebGUI functions, but not how to accomplish it.

Thanks again,

Chris

Thank you

Is there a plan to commit this change? It seems to work very well, but I find it annoying that I have to re-apply it every time I upgrade the snapshot. If I don't apply this change, vhosts still always is shown as not running in pfSense webGUI, even though ps does report it as running.

Yeah, encrypted private keys are not supported and there are no plans to support them. It tries to use them as-is.

We have some code to try to detect them but if you could still import it, it is apparently still a little flawed.

Excellent, will upgrade tonight.  Thank you  :)

ChPalmer,

Here is what I did so far.  I tried my heart out to configure a Bridge, but probably did it wrong. I tried a million different things to just get the box on Opt1 to get internet with the static ip and gateway of the router, not the pfsense, and nothing.  It would not see internet for it's life.  Let me know what you come up with and I hope your testing succeeds.  I think this would tremendously help the entire community and we can put this in the wiki as soon as we accomplish this.

Looking forward.

Which part of PHP code is responsible for launching rc.filter_configure_sync on backup router when I'll click "Save/Apply Changes" on master router? I guess I'd have to solve this issue myself.

FYI: I found why items from /usr/local/etc/rc.d were starting many times instead of once. Its caused by /etc/rc.newwanip. Whenever new IP is added to wan interface during startup this script calls /etc/rc.start_packages which calls each *.sh with "start" option. I see that calling each *.sh with "stop" was moved out from /etc/rc.start_packages to /etc/rc.stop_packages some time ago. Before issuing "start" command "stop" should run first. Therefore /etc/rc.newwanip should call /etc/rc.stop_packages first to restart services and not only try to start them again which won't work for most of software (they'd only log "already running" instead of restarting).

I've figured it from sources already, but thanks for your answer.

Yeah but there are some patches on our(old) port to make it work better and possibly after 2.0 it will revisit again.

First off: Thanks for this awesome firewall! We have been using 1.2.2 for 2 years and i recently upgraded to 2.0.

Version:
2.0-RC2 (i386)
built on Thu May 12 10:52:38 EDT 2011

I have two problems:

1.After updating it seems the firewall now uses multi gateway failover for some reason? We have two gateways, the first is for normal internet traffic like browsing, sending e-mails, etc. The 2nd gateway is for VoIP only and has a much higher bandwith the the first (default) gateway. Since we are a callcenter we have a lot of VoIP traffic. We noticed that when we restart the modem attached to the 2nd VoIP gateway it starts routing the traffic over the default gateway. Result is that every employee we have cannot work anymore because the default gateway is not meant to handle all the VoIP traffic and gets congested. Is it related to this issue: http://redmine.pfsense.org/issues/1520
Because if so i would love to see an option to turn that feature off!

2.Just like the creator of this topic our PPTP VPN has stopped working. I want to use the PPTP server on pfSense. The only thing i want to do is connect to the office when i'm at home woring on my windows computer. I checked the Advanced section and scrubbing is off and in the rules section i had a PPTP rule for WAN and WAN2. I deleted those and turned off the PPTP server and then turned it back on (so it could re-create rules) but no luck…. Help would be appreciated!

edit: VPN seems to work now. I think it was because i was testing from within the office. I was using WAN2 as default gateway and figured i could make a VPN via WAN gateway but i guess not. Also the disableing and deleting the rules must have worked because before that it didn't work from home. Hope some can reply to my first question. Thanks in advance.

[PPTP log1.txt](/public/imported_attachments/1/PPTP log1.txt)

I just committed a fix:
https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/dc073abdfdf04ccff94077d33b174c061e1f73df

Should be fixed now:

http://redmine.pfsense.org/projects/pfsense/repository/revisions/2b094d211cb911d26d2ba279ba0fb2613f787a27